Importing release summary for 11.7.0 release.

git-svn-id: https://origsvn.digium.com/svn/asterisk/tags/11.7.0@404026 65c4cc65-6c06-0410-ace0-fbb531ad65f3

.lastclean

@@ -0,0 +1 @@
+40

.version

@@ -0,0 +1 @@
+11.7.0

README-SERIOUSLY.bestpractices.txt

@@ -26,6 +26,9 @@ Sections
 * Manager Class Authorizations:
         Recognizing potential issues with certain classes of authorization
 
+* Avoid Privilege Escalations:
+        Disable the ability to execute functions that may escalate privileges
+
 ----------------
 Additional Links
 ----------------
@@ -344,3 +347,24 @@ same as the class authorization "system".  Good system configuration, such as
 not running Asterisk as root, can prevent serious problems from arising when
 allowing external connections to originate calls into Asterisk.
 
+===========================
+Avoid Privilege Escalations
+===========================
+
+External control protocols, such as Manager, often have the ability to get and
+set channel variables; which allows the execution of dialplan functions.
+
+Dialplan functions within Asterisk are incredibly powerful, which is wonderful
+for building applications using Asterisk. But during the read or write
+execution, certain diaplan functions do much more. For example, reading the
+SHELL() function can execute arbitrary commands on the system Asterisk is
+running on. Writing to the FILE() function can change any file that Asterisk has
+write access to.
+
+When these functions are executed from an external protocol, that execution
+could result in a privilege escalation. Asterisk can inhibit the execution of
+these functions, if live_dangerously in the [options] section of asterisk.conf
+is set to no.
+
+For backwards compatibility, live_dangerously defaults to yes, and must be
+explicitly set to no to enable this privilege escalation protection.

UPGRADE.txt

@@ -26,6 +26,14 @@ ConfBridge
    conference.  The language can be set on a bridge profile in confbridge.conf
    or by the dialplan function CONFBRIDGE(bridge,language)=en.
 
+* Certain dialplan functions have been marked as 'dangerous', and may only be
+  executed from the dialplan. Execution from extenal sources (AMI's GetVar and
+  SetVar actions; etc.) may be inhibited by setting live_dangerously in the
+  [options] section of asterisk.conf to no. SHELL(), channel locking, and direct
+  file read/write functions are marked as dangerous. DB_DELETE() and
+  REALTIME_DESTROY() are marked as dangerous for reads, but can now safely
+  accept writes (which ignore the provided value).
+
 From 11.5 to 11.6:
 * res_agi will now properly indicate if there was an error in streaming an
   audio file.  The result code will be -1 and the result returned from the

apps/app_sms.c

@@ -696,7 +696,7 @@ static void unpacksms16(unsigned char *i, unsigned char l, unsigned char *udh, i
 	}
 	while (l--) {
 		int v = *i++;
-		if (l--) {
+		if (l && l--) {
 			v = (v << 8) + *i++;
 		}
 		*o++ = v;
@@ -714,6 +714,7 @@ static int unpacksms(unsigned char dcs, unsigned char *i, unsigned char *udh, in
 	} else if (is8bit(dcs)) {
 		unpacksms8(i, l, udh, udhl, ud, udl, udhi);
 	} else {
+		l += l % 2;
 		unpacksms16(i, l, udh, udhl, ud, udl, udhi);
 	}
 	return l + 1;

asterisk-11.7.0-summary.html

@@ -0,0 +1,457 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><title>Release Summary - asterisk-11.7.0</title></head>
+<body>
+<h1 align="center"><a name="top">Release Summary</a></h1>
+<h3 align="center">asterisk-11.7.0</h3>
+<h3 align="center">Date: 2013-12-17</h3>
+<h3 align="center">&lt;asteriskteam@digium.com&gt;</h3>
+<hr/>
+<h2 align="center">Table of Contents</h2>
+<ol>
+   <li><a href="#summary">Summary</a></li>
+   <li><a href="#contributors">Contributors</a></li>
+   <li><a href="#issues">Closed Issues</a></li>
+   <li><a href="#commits">Other Changes</a></li>
+   <li><a href="#diffstat">Diffstat</a></li>
+</ol>
+<hr/>
+<a name="summary"><h2 align="center">Summary</h2></a>
+<center><a href="#top">[Back to Top]</a></center><br/><p>This release includes only bug fixes.  The changes included were made only to address problems that have been identified in this release series.  Users should be able to safely upgrade to this version if this release series is already in use.  Users considering upgrading from a previous release series are strongly encouraged to review the UPGRADE.txt document as well as the CHANGES document for information about upgrading to this release series.</p>
+<p>The data in this summary reflects changes that have been made since the previous release, asterisk-11.6.0.</p>
+<hr/>
+<a name="contributors"><h2 align="center">Contributors</h2></a>
+<center><a href="#top">[Back to Top]</a></center><br/><p>This table lists the people who have submitted code, those that have tested patches, as well as those that reported issues on the issue tracker that were resolved in this release.  For coders, the number is how many of their patches (of any size) were committed into this release.  For testers, the number is the number of times their name was listed as assisting with testing a patch.  Finally, for reporters, the number is the number of issues that they reported that were closed by commits that went into this release.</p>
+<table width="100%" border="0">
+<tr>
+<td width="33%"><h3>Coders</h3></td>
+<td width="33%"><h3>Testers</h3></td>
+<td width="33%"><h3>Reporters</h3></td>
+</tr>
+<tr valign="top">
+<td>
+11 jrose<br/>
+8 rmudgett<br/>
+5 elguero<br/>
+4 bebuild<br/>
+4 kmoore<br/>
+4 wdoekes<br/>
+3 mjordan<br/>
+2 kharwell<br/>
+2 NITESH BANSAL<br/>
+2 sgriepentrog<br/>
+1 abelbeck<br/>
+1 adomjan<br/>
+1 coreyfarrell<br/>
+1 Filip Jenicek<br/>
+1 junky<br/>
+1 mmichelson<br/>
+1 nbougues<br/>
+1 Oscar Esteve<br/>
+1 Simone Camporeale<br/>
+1 Torrey Searle<br/>
+1 tsearle<br/>
+1 tzafrir<br/>
+</td>
+<td>
+3 elguero<br/>
+1 Ben Smithurst<br/>
+1 Dalius M.<br/>
+1 rmudgett<br/>
+1 wdoekes<br/>
+</td>
+<td>
+2 gkelleter<br/>
+2 nbansal<br/>
+2 tsearle<br/>
+1 abelbeck<br/>
+1 adomjan<br/>
+1 aragon<br/>
+1 arcanos<br/>
+1 bensmithurst<br/>
+1 brianscott<br/>
+1 coreyfarrell<br/>
+1 dario<br/>
+1 docent<br/>
+1 elguero<br/>
+1 frenk77<br/>
+1 jbigelow<br/>
+1 jkister<br/>
+1 jllull<br/>
+1 jrose<br/>
+1 kharwell<br/>
+1 kmoore<br/>
+1 londonnet<br/>
+1 mdalius<br/>
+1 mjordan<br/>
+1 nbougues<br/>
+1 oscares<br/>
+1 patrickm<br/>
+1 phill<br/>
+1 rudolf<br/>
+1 simone.camporeale<br/>
+1 skavin<br/>
+1 tomaso<br/>
+1 wdoekes<br/>
+</td>
+</tr>
+</table>
+<hr/>
+<a name="issues"><h2 align="center">Closed Issues</h2></a>
+<center><a href="#top">[Back to Top]</a></center><br/><p>This is a list of all issues from the issue tracker that were closed by changes that went into this release.</p>
+<h3>Category: Applications/app_confbridge</h3><br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-19983">ASTERISK-19983</a>: ConfBridge does not expose a mechanism to change the language on the Bridging channel, defaulting to 'en'<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=400741">400741</a><br/>
+Reporter: londonnet<br/>
+Testers: rmudgett<br/>
+Coders: junky<br/>
+<br/>
+<h3>Category: Applications/app_queue</h3><br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-21826">ASTERISK-21826</a>: [patch] Bad queue_log entry when removed member from queue via CLI<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401433">401433</a><br/>
+Reporter: oscares<br/>
+Coders: Oscar Esteve<br/>
+<br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22197">ASTERISK-22197</a>: [patch] Queuelog EXITWITHKEY only two of four parameters<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=400623">400623</a><br/>
+Reporter: mdalius<br/>
+Testers: Dalius M.<br/>
+Coders: elguero<br/>
+<br/>
+<h3>Category: Applications/app_voicemail</h3><br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22467">ASTERISK-22467</a>: [patch] memory leaks 1.8+<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401830">401830</a><br/>
+Reporter: coreyfarrell<br/>
+Coders: coreyfarrell<br/>
+<br/>
+<h3>Category: Bridges/bridge_native_rtp</h3><br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22424">ASTERISK-22424</a>: bridge_native_rtp: Asterisk 12 attempts to remotely bridge on 200OK response to invite when the 200 lacks SDP<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=399962">399962</a><br/>
+Reporter: jrose<br/>
+Coders: jrose<br/>
+<br/>
+<h3>Category: CDR/cdr_adaptive_odbc</h3><br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22272">ASTERISK-22272</a>: [patch] Unexepected behaviour with adaptive odbc filter<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401579">401579</a><br/>
+Reporter: jllull<br/>
+Coders: rmudgett<br/>
+<br/>
+<h3>Category: Channels/chan_dahdi</h3><br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22467">ASTERISK-22467</a>: [patch] memory leaks 1.8+<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401830">401830</a><br/>
+Reporter: coreyfarrell<br/>
+Coders: coreyfarrell<br/>
+<br/>
+<h3>Category: Channels/chan_mgcp</h3><br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-21190">ASTERISK-21190</a>: chan_mgcp crash on chunked m= sdp line<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401538">401538</a><br/>
+Reporter: adomjan<br/>
+Coders: adomjan<br/>
+<br/>
+<h3>Category: Channels/chan_pjsip</h3><br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22667">ASTERISK-22667</a>: crash: directmedia with both phones placing each other on hold<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401446">401446</a><br/>
+Reporter: jbigelow<br/>
+Coders: mjordan<br/>
+<br/>
+<h3>Category: Channels/chan_sip/CodecHandling</h3><br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-21131">ASTERISK-21131</a>: [patch] - Asterisk creates SDP with (peer) unsupported audio codec<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401498">401498</a><br/>
+Reporter: nbougues<br/>
+Coders: nbougues<br/>
+<br/>
+<h3>Category: Channels/chan_sip/General</h3><br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-21204">ASTERISK-21204</a>: Asterisk increments the session version in 2xx message even if a '183 Session in Progress' with SDP has already been sent in response to initial INVITE.<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=400908">400908</a><br/>
+Reporter: nbansal<br/>
+Coders: NITESH BANSAL<br/>
+<br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22467">ASTERISK-22467</a>: [patch] memory leaks 1.8+<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401830">401830</a><br/>
+Reporter: coreyfarrell<br/>
+Coders: coreyfarrell<br/>
+<br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22477">ASTERISK-22477</a>: array calleridname in the function check_user_full is too short<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=400014">400014</a><br/>
+Reporter: docent<br/>
+Coders: rmudgett<br/>
+<br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22621">ASTERISK-22621</a>: chan_sip can send two BYEs for a single call<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=400971">400971</a><br/>
+Reporter: kmoore<br/>
+Coders: mmichelson<br/>
+<br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22667">ASTERISK-22667</a>: crash: directmedia with both phones placing each other on hold<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401446">401446</a><br/>
+Reporter: jbigelow<br/>
+Coders: mjordan<br/>
+<br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22729">ASTERISK-22729</a>: [patch] Remove Port Restriction When Checking For NAT<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401182">401182</a><br/>
+Reporter: elguero<br/>
+Testers: elguero<br/>
+Coders: elguero<br/>
+<br/>
+<h3>Category: Channels/chan_sip/Interoperability</h3><br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22005">ASTERISK-22005</a>: Allow a sip peer to accept both AVP and AVPF calls<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401884">401884</a><br/>
+Reporter: tsearle<br/>
+Coders: tsearle<br/>
+<br/>
+<h3>Category: Channels/chan_sip/Registration</h3><br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-17138">ASTERISK-17138</a>: [patch] Asterisk not re-registering after it receives "Forbidden - wrong password on authentication"<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=400140">400140</a><br/>
+Reporter: rudolf<br/>
+Coders: kmoore<br/>
+<br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22236">ASTERISK-22236</a>: REGISTER reply send to bad port with nat=yes(or force_rport,comedia) in 11.5.0<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401167">401167</a><br/>
+Reporter: frenk77<br/>
+Testers: elguero<br/>
+Coders: elguero<br/>
+<br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22428">ASTERISK-22428</a>: [patch] SIP unregister does not fully unregister when using Realtime sip peers and Expires not 0 on 200ok<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=399795">399795</a><br/>
+Reporter: bensmithurst<br/>
+Testers: Ben Smithurst, elguero<br/>
+Coders: elguero<br/>
+<br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22574">ASTERISK-22574</a>: [patch]Value of expires= is ignored in the Contact header<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=400470">400470</a><br/>
+Reporter: phill<br/>
+Coders: Filip Jenicek<br/>
+<br/>
+<h3>Category: Channels/chan_sip/T.38</h3><br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-17273">ASTERISK-17273</a>: [patch] - Incorrect address specified in SIP re-INVITE with T.38 when directmedia enabled<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=399457">399457</a><br/>
+Reporter: dario<br/>
+Coders: jrose<br/>
+<br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-18706">ASTERISK-18706</a>: UDPTL fail while using directmedia<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=399457">399457</a><br/>
+Reporter: jkister<br/>
+Coders: jrose<br/>
+<br/>
+<h3>Category: Codecs/codec_ilbc</h3><br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22467">ASTERISK-22467</a>: [patch] memory leaks 1.8+<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401830">401830</a><br/>
+Reporter: coreyfarrell<br/>
+Coders: coreyfarrell<br/>
+<br/>
+<h3>Category: Core/BuildSystem</h3><br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22351">ASTERISK-22351</a>: Segfault in LIBEDIT_INTERNAL after tgetstr(), when libncurses5-dev isn't installed<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401326">401326</a><br/>
+Reporter: arcanos<br/>
+Coders: wdoekes<br/>
+<br/>
+<h3>Category: Core/General</h3><br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22351">ASTERISK-22351</a>: Segfault in LIBEDIT_INTERNAL after tgetstr(), when libncurses5-dev isn't installed<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401326">401326</a><br/>
+Reporter: arcanos<br/>
+Coders: wdoekes<br/>
+<br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22467">ASTERISK-22467</a>: [patch] memory leaks 1.8+<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401830">401830</a><br/>
+Reporter: coreyfarrell<br/>
+Coders: coreyfarrell<br/>
+<br/>
+<h3>Category: Core/Jitterbuffer</h3><br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22467">ASTERISK-22467</a>: [patch] memory leaks 1.8+<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401830">401830</a><br/>
+Reporter: coreyfarrell<br/>
+Coders: coreyfarrell<br/>
+<br/>
+<h3>Category: Core/Logging</h3><br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22456">ASTERISK-22456</a>: Logger.conf: Logging types ignored after specifying a verbose level<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401833">401833</a><br/>
+Reporter: kharwell<br/>
+Coders: kharwell<br/>
+<br/>
+<h3>Category: Core/ManagerInterface</h3><br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22578">ASTERISK-22578</a>: Invalid manager logins aren't reported via security events: Invalid IE Specified ERROR<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=400421">400421</a><br/>
+Reporter: mjordan<br/>
+Coders: kmoore<br/>
+<br/>
+<h3>Category: Core/RTP</h3><br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-21464">ASTERISK-21464</a>: with directrtpsetup some payload type identifiers from A party's INVITE are not copied to the INVITE for B party<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=402042">402042</a><br/>
+Reporter: skavin<br/>
+Coders: sgriepentrog<br/>
+<br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22424">ASTERISK-22424</a>: bridge_native_rtp: Asterisk 12 attempts to remotely bridge on 200OK response to invite when the 200 lacks SDP<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=399962">399962</a><br/>
+Reporter: jrose<br/>
+Coders: jrose<br/>
+<br/>
+<h3>Category: Core/UDPTL</h3><br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-18706">ASTERISK-18706</a>: UDPTL fail while using directmedia<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=399457">399457</a><br/>
+Reporter: jkister<br/>
+Coders: jrose<br/>
+<br/>
+<h3>Category: Functions/func_config</h3><br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22483">ASTERISK-22483</a>: AST_LIST_INSERT_TAIL doesn't set field.next on added entry<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=400697">400697</a><br/>
+Reporter: brianscott<br/>
+Coders: kmoore<br/>
+<br/>
+<h3>Category: Functions/func_math</h3><br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22467">ASTERISK-22467</a>: [patch] memory leaks 1.8+<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401830">401830</a><br/>
+Reporter: coreyfarrell<br/>
+Coders: coreyfarrell<br/>
+<br/>
+<h3>Category: General</h3><br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22540">ASTERISK-22540</a>: WARNING[2324] asterisk.c: Fork failed: Cannot allocate memory in /var/log/asterisk/messages then segfault<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=399513">399513</a><br/>
+Reporter: aragon<br/>
+Coders: kharwell<br/>
+<br/>
+<h3>Category: Resources/res_jabber</h3><br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22410">ASTERISK-22410</a>: [patch] Change "Error isn't a PubSub error ..." error log to a debug log<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401120">401120</a><br/>
+Reporter: abelbeck<br/>
+Coders: abelbeck<br/>
+<br/>
+<h3>Category: Resources/res_odbc</h3><br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22459">ASTERISK-22459</a>: Compiling res_odbc against iODBC instead of unixodbc produces runtime errors<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=400768">400768</a><br/>
+Reporter: patrickm<br/>
+Testers: wdoekes<br/>
+Coders: wdoekes<br/>
+<br/>
+<h3>Category: Resources/res_rtp_asterisk</h3><br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-21170">ASTERISK-21170</a>: DTMF timestamp issue<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401620">401620</a><br/>
+Reporter: nbansal<br/>
+Coders: NITESH BANSAL<br/>
+<br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-21917">ASTERISK-21917</a>: [patch] STUN crashes when SIP is bound to ipv4 and ipv6<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=400681">400681</a><br/>
+Reporter: tsearle<br/>
+Coders: Torrey Searle<br/>
+<br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22667">ASTERISK-22667</a>: crash: directmedia with both phones placing each other on hold<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401446">401446</a><br/>
+Reporter: jbigelow<br/>
+Coders: mjordan<br/>
+<br/>
+<h3>Category: Resources/res_rtp_multicast</h3><br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22567">ASTERISK-22567</a>: [patch]MutlicastRTP does not set SSRC. SSRC is always set to 0<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=400394">400394</a><br/>
+Reporter: simone.camporeale<br/>
+Coders: Simone Camporeale<br/>
+<br/>
+<h3>Category: Resources/res_xmpp</h3><br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22410">ASTERISK-22410</a>: [patch] Change "Error isn't a PubSub error ..." error log to a debug log<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401120">401120</a><br/>
+Reporter: abelbeck<br/>
+Coders: abelbeck<br/>
+<br/>
+<h3>Category: Tests/General</h3><br/>
+<a href="https://issues.asterisk.org/jira/browse/ASTERISK-22467">ASTERISK-22467</a>: [patch] memory leaks 1.8+<br/>
+Revision: <a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401830">401830</a><br/>
+Reporter: coreyfarrell<br/>
+Coders: coreyfarrell<br/>
+<br/>
+<hr/>
+<a name="commits"><h2 align="center">Commits Not Associated with an Issue</h2></a>
+<center><a href="#top">[Back to Top]</a></center><br/><p>This is a list of all changes that went into this release that did not directly close an issue from the issue tracker.  The commits may have been marked as being related to an issue.  If that is the case, the issue numbers are listed here, as well.</p>
+<table width="100%" border="1">
+<tr><td><b>Revision</b></td><td><b>Author</b></td><td><b>Summary</b></td><td><b>Issues Referenced</b></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=399564">399564</a></td><td>kmoore</td><td>Ensure global types in the config framework are initialized</td>
+<td></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=399708">399708</a></td><td>rmudgett</td><td>chan_iax2: Prevent some needless breaking of the native IAX2 bridge.</td>
+<td></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=399834">399834</a></td><td>rmudgett</td><td>chan_dahdi: CLI "core stop gracefully" has needless delay for PRI and SS7.</td>
+<td></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=400279">400279</a></td><td>tzafrir</td><td>man pages for astdb2bdb and astdb2sqlite3</td>
+<td></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=400315">400315</a></td><td>elguero</td><td>Cast Integer Argument To Unsigned Char</td>
+<td></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=400723">400723</a></td><td>rmudgett</td><td>app_confbridge: Fix duplicate default_user profile.</td>
+<td></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=400909">400909</a></td><td>rmudgett</td><td>chan_dahdi: Reflect the set software gain in the CLI "dahdi show channel" output.</td>
+<td><a href="https://issues.asterisk.org/jira/browse/ASTERISK-22429">ASTERISK-22429</a></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401016">401016</a></td><td>rmudgett</td><td>chan_iax2: Fix channel left locked in off nominal code path.</td>
+<td></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401076">401076</a></td><td>wdoekes</td><td>Don't check all realtime queues when doing "queue show some_queue".</td>
+<td></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401379">401379</a></td><td>rmudgett</td><td>chan_dahdi: Fix unable to get index warning when transferring an analog call.</td>
+<td></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401661">401661</a></td><td>jrose</td><td>memory leaks: Memory leak cleanup patch by Corey Farrell (first set)</td>
+<td></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401705">401705</a></td><td>jrose</td><td>memory leaks: Memory leak cleanup patch by Corey Farrell (second set)</td>
+<td><a href="https://issues.asterisk.org/jira/browse/ASTERISK-22467">ASTERISK-22467</a></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401744">401744</a></td><td>jrose</td><td>app_voicemail: Memory Leaks against tests</td>
+<td><a href="https://issues.asterisk.org/jira/browse/ASTERISK-22467">ASTERISK-22467</a></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401783">401783</a></td><td>jrose</td><td>astobj2: Unregister debug CLI commands at exit</td>
+<td><a href="https://issues.asterisk.org/jira/browse/ASTERISK-22467">ASTERISK-22467</a></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401787">401787</a></td><td>jrose</td><td>jitterbuf: Fix memory leak on jitter buffer reset</td>
+<td><a href="https://issues.asterisk.org/jira/browse/ASTERISK-22467">ASTERISK-22467</a></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401791">401791</a></td><td>jrose</td><td>test_linkedlists: Fix memory leak</td>
+<td><a href="https://issues.asterisk.org/jira/browse/ASTERISK-22467">ASTERISK-22467</a></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401896">401896</a></td><td>jrose</td><td>revert clicompat-r2.patch from r401704</td>
+<td><a href="https://issues.asterisk.org/jira/browse/ASTERISK-22467">ASTERISK-22467</a></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=401935">401935</a></td><td>jrose</td><td>Put clicompat-r2.patch back in</td>
+<td><a href="https://issues.asterisk.org/jira/browse/ASTERISK-22467">ASTERISK-22467</a></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=403844">403844</a></td><td>bebuild</td><td>Create 11.7.0-rc2</td>
+<td></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=403849">403849</a></td><td>bebuild</td><td>Update version; Remove old summaries</td>
+<td></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=403978">403978</a></td><td>bebuild</td><td>Update 11.7.0-rc2</td>
+<td></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/branches/11?view=revision&revision=403984">403984</a></td><td>bebuild</td><td>Importing release summary for 11.7.0-rc2 release.</td>
+<td></td></tr></table>
+<hr/>
+<a name="diffstat"><h2 align="center">Diffstat Results</h2></a>
+<center><a href="#top">[Back to Top]</a></center><br/><p>This is a summary of the changes to the source code that went into this release that was generated using the diffstat utility.</p>
+<pre>
+.version                             |    2
+ChangeLog                            |   29 +
+Makefile                             |    1
+README-SERIOUSLY.bestpractices.txt   |   24 +
+UPGRADE.txt                          |   18 +
+apps/app_confbridge.c                |    3
+apps/app_queue.c                     |   37 +-
+apps/app_sms.c                       |    3
+apps/app_voicemail.c                 |    6
+apps/confbridge/conf_config_parser.c |    4
+apps/confbridge/include/confbridge.h |    1
+asterisk-11.7.0-rc1-summary.html     |  437 ----------------------------
+asterisk-11.7.0-rc1-summary.txt      |  544 -----------------------------------
+asterisk-11.7.0-rc2-summary.html     |   73 ++++
+asterisk-11.7.0-rc2-summary.txt      |  103 ++++++
+cdr/cdr_adaptive_odbc.c              |    8
+channels/chan_dahdi.c                |   55 ++-
+channels/chan_iax2.c                 |   49 +--
+channels/chan_mgcp.c                 |    6
+channels/chan_sip.c                  |  147 ++++++---
+channels/sig_analog.c                |   52 +--
+channels/sig_ss7.c                   |    9
+channels/sip/include/sip.h           |    1
+channels/sip/reqresp_parser.c        |    6
+codecs/ilbc/doCPLC.c                 |    2
+configs/asterisk.conf.sample         |    6
+configs/confbridge.conf.sample       |    3
+configs/sip.conf.sample              |    3
+configure.ac                         |   14
+doc/astdb2bdb.8                      |   46 ++
+doc/astdb2sqlite3.8                  |   39 ++
+funcs/func_config.c                  |    4
+funcs/func_db.c                      |   20 +
+funcs/func_env.c                     |   28 +
+funcs/func_lock.c                    |   21 +
+funcs/func_math.c                    |    3
+funcs/func_realtime.c                |   60 ++-
+funcs/func_shell.c                   |   18 -
+include/asterisk/pbx.h               |   64 ++++
+include/asterisk/rtp_engine.h        |    6
+main/app.c                           |    4
+main/asterisk.c                      |   11
+main/astobj2.c                       |    6
+main/channel.c                       |   16 +
+main/config_options.c                |   26 +
+main/data.c                          |    3
+main/editline/readline.c             |    7
+main/editline/term.c                 |    6
+main/jitterbuf.c                     |    6
+main/logger.c                        |    3
+main/pbx.c                           |  317 ++++++++++++++++++--
+main/rtp_engine.c                    |   90 ++---
+main/security_events.c               |    6
+main/tcptls.c                        |   11
+main/test.c                          |    6
+main/translate.c                     |    4
+main/utils.c                         |   20 +
+res/res_jabber.c                     |    2
+res/res_rtp_asterisk.c               |   69 +++-
+res/res_rtp_multicast.c              |    8
+res/res_xmpp.c                       |    2
+tests/test_dlinklists.c              |    2
+tests/test_linkedlists.c             |    7
+utils/clicompat.c                    |   10
+64 files changed, 1308 insertions(+), 1289 deletions(-)
+</pre><br/>
+<hr/>
+</body>
+</html>

asterisk-11.7.0-summary.txt

@@ -0,0 +1,569 @@
+                                Release Summary
+
+                                asterisk-11.7.0
+
+                                Date: 2013-12-17
+
+                           <asteriskteam@digium.com>
+
+     ----------------------------------------------------------------------
+
+                               Table of Contents
+
+    1. Summary
+    2. Contributors
+    3. Closed Issues
+    4. Other Changes
+    5. Diffstat
+
+     ----------------------------------------------------------------------
+
+                                    Summary
+
+                                 [Back to Top]
+
+   This release includes only bug fixes. The changes included were made only
+   to address problems that have been identified in this release series.
+   Users should be able to safely upgrade to this version if this release
+   series is already in use. Users considering upgrading from a previous
+   release series are strongly encouraged to review the UPGRADE.txt document
+   as well as the CHANGES document for information about upgrading to this
+   release series.
+
+   The data in this summary reflects changes that have been made since the
+   previous release, asterisk-11.6.0.
+
+     ----------------------------------------------------------------------
+
+                                  Contributors
+
+                                 [Back to Top]
+
+   This table lists the people who have submitted code, those that have
+   tested patches, as well as those that reported issues on the issue tracker
+   that were resolved in this release. For coders, the number is how many of
+   their patches (of any size) were committed into this release. For testers,
+   the number is the number of times their name was listed as assisting with
+   testing a patch. Finally, for reporters, the number is the number of
+   issues that they reported that were closed by commits that went into this
+   release.
+
+     Coders                   Testers                  Reporters              
+   11 jrose                 3 elguero                2 gkelleter              
+   8 rmudgett               1 Ben Smithurst          2 nbansal                
+   5 elguero                1 Dalius M.              2 tsearle                
+   4 bebuild                1 rmudgett               1 abelbeck               
+   4 kmoore                 1 wdoekes                1 adomjan                
+   4 wdoekes                                         1 aragon                 
+   3 mjordan                                         1 arcanos                
+   2 kharwell                                        1 bensmithurst           
+   2 NITESH BANSAL                                   1 brianscott             
+   2 sgriepentrog                                    1 coreyfarrell           
+   1 abelbeck                                        1 dario                  
+   1 adomjan                                         1 docent                 
+   1 coreyfarrell                                    1 elguero                
+   1 Filip Jenicek                                   1 frenk77                
+   1 junky                                           1 jbigelow               
+   1 mmichelson                                      1 jkister                
+   1 nbougues                                        1 jllull                 
+   1 Oscar Esteve                                    1 jrose                  
+   1 Simone Camporeale                               1 kharwell               
+   1 Torrey Searle                                   1 kmoore                 
+   1 tsearle                                         1 londonnet              
+   1 tzafrir                                         1 mdalius                
+                                                     1 mjordan                
+                                                     1 nbougues               
+                                                     1 oscares                
+                                                     1 patrickm               
+                                                     1 phill                  
+                                                     1 rudolf                 
+                                                     1 simone.camporeale      
+                                                     1 skavin                 
+                                                     1 tomaso                 
+                                                     1 wdoekes                
+
+     ----------------------------------------------------------------------
+
+                                 Closed Issues
+
+                                 [Back to Top]
+
+   This is a list of all issues from the issue tracker that were closed by
+   changes that went into this release.
+
+  Category: Applications/app_confbridge
+
+   ASTERISK-19983: ConfBridge does not expose a mechanism to change the
+   language on the Bridging channel, defaulting to 'en'
+   Revision: 400741
+   Reporter: londonnet
+   Testers: rmudgett
+   Coders: junky
+
+  Category: Applications/app_queue
+
+   ASTERISK-21826: [patch] Bad queue_log entry when removed member from queue
+   via CLI
+   Revision: 401433
+   Reporter: oscares
+   Coders: Oscar Esteve
+
+   ASTERISK-22197: [patch] Queuelog EXITWITHKEY only two of four parameters
+   Revision: 400623
+   Reporter: mdalius
+   Testers: Dalius M.
+   Coders: elguero
+
+  Category: Applications/app_voicemail
+
+   ASTERISK-22467: [patch] memory leaks 1.8+
+   Revision: 401830
+   Reporter: coreyfarrell
+   Coders: coreyfarrell
+
+  Category: Bridges/bridge_native_rtp
+
+   ASTERISK-22424: bridge_native_rtp: Asterisk 12 attempts to remotely bridge
+   on 200OK response to invite when the 200 lacks SDP
+   Revision: 399962
+   Reporter: jrose
+   Coders: jrose
+
+  Category: CDR/cdr_adaptive_odbc
+
+   ASTERISK-22272: [patch] Unexepected behaviour with adaptive odbc filter
+   Revision: 401579
+   Reporter: jllull
+   Coders: rmudgett
+
+  Category: Channels/chan_dahdi
+
+   ASTERISK-22467: [patch] memory leaks 1.8+
+   Revision: 401830
+   Reporter: coreyfarrell
+   Coders: coreyfarrell
+
+  Category: Channels/chan_mgcp
+
+   ASTERISK-21190: chan_mgcp crash on chunked m= sdp line
+   Revision: 401538
+   Reporter: adomjan
+   Coders: adomjan
+
+  Category: Channels/chan_pjsip
+
+   ASTERISK-22667: crash: directmedia with both phones placing each other on
+   hold
+   Revision: 401446
+   Reporter: jbigelow
+   Coders: mjordan
+
+  Category: Channels/chan_sip/CodecHandling
+
+   ASTERISK-21131: [patch] - Asterisk creates SDP with (peer) unsupported
+   audio codec
+   Revision: 401498
+   Reporter: nbougues
+   Coders: nbougues
+
+  Category: Channels/chan_sip/General
+
+   ASTERISK-21204: Asterisk increments the session version in 2xx message
+   even if a '183 Session in Progress' with SDP has already been sent in
+   response to initial INVITE.
+   Revision: 400908
+   Reporter: nbansal
+   Coders: NITESH BANSAL
+
+   ASTERISK-22467: [patch] memory leaks 1.8+
+   Revision: 401830
+   Reporter: coreyfarrell
+   Coders: coreyfarrell
+
+   ASTERISK-22477: array calleridname in the function check_user_full is too
+   short
+   Revision: 400014
+   Reporter: docent
+   Coders: rmudgett
+
+   ASTERISK-22621: chan_sip can send two BYEs for a single call
+   Revision: 400971
+   Reporter: kmoore
+   Coders: mmichelson
+
+   ASTERISK-22667: crash: directmedia with both phones placing each other on
+   hold
+   Revision: 401446
+   Reporter: jbigelow
+   Coders: mjordan
+
+   ASTERISK-22729: [patch] Remove Port Restriction When Checking For NAT
+   Revision: 401182
+   Reporter: elguero
+   Testers: elguero
+   Coders: elguero
+
+  Category: Channels/chan_sip/Interoperability
+
+   ASTERISK-22005: Allow a sip peer to accept both AVP and AVPF calls
+   Revision: 401884
+   Reporter: tsearle
+   Coders: tsearle
+
+  Category: Channels/chan_sip/Registration
+
+   ASTERISK-17138: [patch] Asterisk not re-registering after it receives
+   "Forbidden - wrong password on authentication"
+   Revision: 400140
+   Reporter: rudolf
+   Coders: kmoore
+
+   ASTERISK-22236: REGISTER reply send to bad port with nat=yes(or
+   force_rport,comedia) in 11.5.0
+   Revision: 401167
+   Reporter: frenk77
+   Testers: elguero
+   Coders: elguero
+
+   ASTERISK-22428: [patch] SIP unregister does not fully unregister when
+   using Realtime sip peers and Expires not 0 on 200ok
+   Revision: 399795
+   Reporter: bensmithurst
+   Testers: Ben Smithurst, elguero
+   Coders: elguero
+
+   ASTERISK-22574: [patch]Value of expires= is ignored in the Contact header
+   Revision: 400470
+   Reporter: phill
+   Coders: Filip Jenicek
+
+  Category: Channels/chan_sip/T.38
+
+   ASTERISK-17273: [patch] - Incorrect address specified in SIP re-INVITE
+   with T.38 when directmedia enabled
+   Revision: 399457
+   Reporter: dario
+   Coders: jrose
+
+   ASTERISK-18706: UDPTL fail while using directmedia
+   Revision: 399457
+   Reporter: jkister
+   Coders: jrose
+
+  Category: Codecs/codec_ilbc
+
+   ASTERISK-22467: [patch] memory leaks 1.8+
+   Revision: 401830
+   Reporter: coreyfarrell
+   Coders: coreyfarrell
+
+  Category: Core/BuildSystem
+
+   ASTERISK-22351: Segfault in LIBEDIT_INTERNAL after tgetstr(), when
+   libncurses5-dev isn't installed
+   Revision: 401326
+   Reporter: arcanos
+   Coders: wdoekes
+
+  Category: Core/General
+
+   ASTERISK-22351: Segfault in LIBEDIT_INTERNAL after tgetstr(), when
+   libncurses5-dev isn't installed
+   Revision: 401326
+   Reporter: arcanos
+   Coders: wdoekes
+
+   ASTERISK-22467: [patch] memory leaks 1.8+
+   Revision: 401830
+   Reporter: coreyfarrell
+   Coders: coreyfarrell
+
+  Category: Core/Jitterbuffer
+
+   ASTERISK-22467: [patch] memory leaks 1.8+
+   Revision: 401830
+   Reporter: coreyfarrell
+   Coders: coreyfarrell
+
+  Category: Core/Logging
+
+   ASTERISK-22456: Logger.conf: Logging types ignored after specifying a
+   verbose level
+   Revision: 401833
+   Reporter: kharwell
+   Coders: kharwell
+
+  Category: Core/ManagerInterface
+
+   ASTERISK-22578: Invalid manager logins aren't reported via security
+   events: Invalid IE Specified ERROR
+   Revision: 400421
+   Reporter: mjordan
+   Coders: kmoore
+
+  Category: Core/RTP
+
+   ASTERISK-21464: with directrtpsetup some payload type identifiers from A
+   party's INVITE are not copied to the INVITE for B party
+   Revision: 402042
+   Reporter: skavin
+   Coders: sgriepentrog
+
+   ASTERISK-22424: bridge_native_rtp: Asterisk 12 attempts to remotely bridge
+   on 200OK response to invite when the 200 lacks SDP
+   Revision: 399962
+   Reporter: jrose
+   Coders: jrose
+
+  Category: Core/UDPTL
+
+   ASTERISK-18706: UDPTL fail while using directmedia
+   Revision: 399457
+   Reporter: jkister
+   Coders: jrose
+
+  Category: Functions/func_config
+
+   ASTERISK-22483: AST_LIST_INSERT_TAIL doesn't set field.next on added entry
+   Revision: 400697
+   Reporter: brianscott
+   Coders: kmoore
+
+  Category: Functions/func_math
+
+   ASTERISK-22467: [patch] memory leaks 1.8+
+   Revision: 401830
+   Reporter: coreyfarrell
+   Coders: coreyfarrell
+
+  Category: General
+
+   ASTERISK-22540: WARNING[2324] asterisk.c: Fork failed: Cannot allocate
+   memory in /var/log/asterisk/messages then segfault
+   Revision: 399513
+   Reporter: aragon
+   Coders: kharwell
+
+  Category: Resources/res_jabber
+
+   ASTERISK-22410: [patch] Change "Error isn't a PubSub error ..." error log
+   to a debug log
+   Revision: 401120
+   Reporter: abelbeck
+   Coders: abelbeck
+
+  Category: Resources/res_odbc
+
+   ASTERISK-22459: Compiling res_odbc against iODBC instead of unixodbc
+   produces runtime errors
+   Revision: 400768
+   Reporter: patrickm
+   Testers: wdoekes
+   Coders: wdoekes
+
+  Category: Resources/res_rtp_asterisk
+
+   ASTERISK-21170: DTMF timestamp issue
+   Revision: 401620
+   Reporter: nbansal
+   Coders: NITESH BANSAL
+
+   ASTERISK-21917: [patch] STUN crashes when SIP is bound to ipv4 and ipv6
+   Revision: 400681
+   Reporter: tsearle
+   Coders: Torrey Searle
+
+   ASTERISK-22667: crash: directmedia with both phones placing each other on
+   hold
+   Revision: 401446
+   Reporter: jbigelow
+   Coders: mjordan
+
+  Category: Resources/res_rtp_multicast
+
+   ASTERISK-22567: [patch]MutlicastRTP does not set SSRC. SSRC is always set
+   to 0
+   Revision: 400394
+   Reporter: simone.camporeale
+   Coders: Simone Camporeale
+
+  Category: Resources/res_xmpp
+
+   ASTERISK-22410: [patch] Change "Error isn't a PubSub error ..." error log
+   to a debug log
+   Revision: 401120
+   Reporter: abelbeck
+   Coders: abelbeck
+
+  Category: Tests/General
+
+   ASTERISK-22467: [patch] memory leaks 1.8+
+   Revision: 401830
+   Reporter: coreyfarrell
+   Coders: coreyfarrell
+
+     ----------------------------------------------------------------------
+
+                      Commits Not Associated with an Issue
+
+                                 [Back to Top]
+
+   This is a list of all changes that went into this release that did not
+   directly close an issue from the issue tracker. The commits may have been
+   marked as being related to an issue. If that is the case, the issue
+   numbers are listed here, as well.
+
+   +------------------------------------------------------------------------+
+   | Revision | Author   | Summary                      | Issues Referenced |
+   |----------+----------+------------------------------+-------------------|
+   |          |          | Ensure global types in the   |                   |
+   | 399564   | kmoore   | config framework are         |                   |
+   |          |          | initialized                  |                   |
+   |----------+----------+------------------------------+-------------------|
+   |          |          | chan_iax2: Prevent some      |                   |
+   | 399708   | rmudgett | needless breaking of the     |                   |
+   |          |          | native IAX2 bridge.          |                   |
+   |----------+----------+------------------------------+-------------------|
+   |          |          | chan_dahdi: CLI "core stop   |                   |
+   | 399834   | rmudgett | gracefully" has needless     |                   |
+   |          |          | delay for PRI and SS7.       |                   |
+   |----------+----------+------------------------------+-------------------|
+   | 400279   | tzafrir  | man pages for astdb2bdb and  |                   |
+   |          |          | astdb2sqlite3                |                   |
+   |----------+----------+------------------------------+-------------------|
+   | 400315   | elguero  | Cast Integer Argument To     |                   |
+   |          |          | Unsigned Char                |                   |
+   |----------+----------+------------------------------+-------------------|
+   |          |          | app_confbridge: Fix          |                   |
+   | 400723   | rmudgett | duplicate default_user       |                   |
+   |          |          | profile.                     |                   |
+   |----------+----------+------------------------------+-------------------|
+   |          |          | chan_dahdi: Reflect the set  |                   |
+   | 400909   | rmudgett | software gain in the CLI     | ASTERISK-22429    |
+   |          |          | "dahdi show channel" output. |                   |
+   |----------+----------+------------------------------+-------------------|
+   |          |          | chan_iax2: Fix channel left  |                   |
+   | 401016   | rmudgett | locked in off nominal code   |                   |
+   |          |          | path.                        |                   |
+   |----------+----------+------------------------------+-------------------|
+   |          |          | Don't check all realtime     |                   |
+   | 401076   | wdoekes  | queues when doing "queue     |                   |
+   |          |          | show some_queue".            |                   |
+   |----------+----------+------------------------------+-------------------|
+   |          |          | chan_dahdi: Fix unable to    |                   |
+   | 401379   | rmudgett | get index warning when       |                   |
+   |          |          | transferring an analog call. |                   |
+   |----------+----------+------------------------------+-------------------|
+   |          |          | memory leaks: Memory leak    |                   |
+   | 401661   | jrose    | cleanup patch by Corey       |                   |
+   |          |          | Farrell (first set)          |                   |
+   |----------+----------+------------------------------+-------------------|
+   |          |          | memory leaks: Memory leak    |                   |
+   | 401705   | jrose    | cleanup patch by Corey       | ASTERISK-22467    |
+   |          |          | Farrell (second set)         |                   |
+   |----------+----------+------------------------------+-------------------|
+   | 401744   | jrose    | app_voicemail: Memory Leaks  | ASTERISK-22467    |
+   |          |          | against tests                |                   |
+   |----------+----------+------------------------------+-------------------|
+   | 401783   | jrose    | astobj2: Unregister debug    | ASTERISK-22467    |
+   |          |          | CLI commands at exit         |                   |
+   |----------+----------+------------------------------+-------------------|
+   | 401787   | jrose    | jitterbuf: Fix memory leak   | ASTERISK-22467    |
+   |          |          | on jitter buffer reset       |                   |
+   |----------+----------+------------------------------+-------------------|
+   | 401791   | jrose    | test_linkedlists: Fix memory | ASTERISK-22467    |
+   |          |          | leak                         |                   |
+   |----------+----------+------------------------------+-------------------|
+   | 401896   | jrose    | revert clicompat-r2.patch    | ASTERISK-22467    |
+   |          |          | from r401704                 |                   |
+   |----------+----------+------------------------------+-------------------|
+   | 401935   | jrose    | Put clicompat-r2.patch back  | ASTERISK-22467    |
+   |          |          | in                           |                   |
+   |----------+----------+------------------------------+-------------------|
+   | 403844   | bebuild  | Create 11.7.0-rc2            |                   |
+   |----------+----------+------------------------------+-------------------|
+   | 403849   | bebuild  | Update version; Remove old   |                   |
+   |          |          | summaries                    |                   |
+   |----------+----------+------------------------------+-------------------|
+   | 403978   | bebuild  | Update 11.7.0-rc2            |                   |
+   |----------+----------+------------------------------+-------------------|
+   | 403984   | bebuild  | Importing release summary    |                   |
+   |          |          | for 11.7.0-rc2 release.      |                   |
+   +------------------------------------------------------------------------+
+
+     ----------------------------------------------------------------------
+
+                                Diffstat Results
+
+                                 [Back to Top]
+
+   This is a summary of the changes to the source code that went into this
+   release that was generated using the diffstat utility.
+
+ .version                             |    2
+ ChangeLog                            |   29 +
+ Makefile                             |    1
+ README-SERIOUSLY.bestpractices.txt   |   24 +
+ UPGRADE.txt                          |   18 +
+ apps/app_confbridge.c                |    3
+ apps/app_queue.c                     |   37 +-
+ apps/app_sms.c                       |    3
+ apps/app_voicemail.c                 |    6
+ apps/confbridge/conf_config_parser.c |    4
+ apps/confbridge/include/confbridge.h |    1
+ asterisk-11.7.0-rc1-summary.html     |  437 ----------------------------
+ asterisk-11.7.0-rc1-summary.txt      |  544 -----------------------------------
+ asterisk-11.7.0-rc2-summary.html     |   73 ++++
+ asterisk-11.7.0-rc2-summary.txt      |  103 ++++++
+ cdr/cdr_adaptive_odbc.c              |    8
+ channels/chan_dahdi.c                |   55 ++-
+ channels/chan_iax2.c                 |   49 +--
+ channels/chan_mgcp.c                 |    6
+ channels/chan_sip.c                  |  147 ++++++---
+ channels/sig_analog.c                |   52 +--
+ channels/sig_ss7.c                   |    9
+ channels/sip/include/sip.h           |    1
+ channels/sip/reqresp_parser.c        |    6
+ codecs/ilbc/doCPLC.c                 |    2
+ configs/asterisk.conf.sample         |    6
+ configs/confbridge.conf.sample       |    3
+ configs/sip.conf.sample              |    3
+ configure.ac                         |   14
+ doc/astdb2bdb.8                      |   46 ++
+ doc/astdb2sqlite3.8                  |   39 ++
+ funcs/func_config.c                  |    4
+ funcs/func_db.c                      |   20 +
+ funcs/func_env.c                     |   28 +
+ funcs/func_lock.c                    |   21 +
+ funcs/func_math.c                    |    3
+ funcs/func_realtime.c                |   60 ++-
+ funcs/func_shell.c                   |   18 -
+ include/asterisk/pbx.h               |   64 ++++
+ include/asterisk/rtp_engine.h        |    6
+ main/app.c                           |    4
+ main/asterisk.c                      |   11
+ main/astobj2.c                       |    6
+ main/channel.c                       |   16 +
+ main/config_options.c                |   26 +
+ main/data.c                          |    3
+ main/editline/readline.c             |    7
+ main/editline/term.c                 |    6
+ main/jitterbuf.c                     |    6
+ main/logger.c                        |    3
+ main/pbx.c                           |  317 ++++++++++++++++++--
+ main/rtp_engine.c                    |   90 ++---
+ main/security_events.c               |    6
+ main/tcptls.c                        |   11
+ main/test.c                          |    6
+ main/translate.c                     |    4
+ main/utils.c                         |   20 +
+ res/res_jabber.c                     |    2
+ res/res_rtp_asterisk.c               |   69 +++-
+ res/res_rtp_multicast.c              |    8
+ res/res_xmpp.c                       |    2
+ tests/test_dlinklists.c              |    2
+ tests/test_linkedlists.c             |    7
+ utils/clicompat.c                    |   10
+ 64 files changed, 1308 insertions(+), 1289 deletions(-)
+
+     ----------------------------------------------------------------------

configs/asterisk.conf.sample

@@ -83,6 +83,12 @@ documentation_language = en_US	; Set the language you want documentation
 				; gosub - Invoke the stdexten using a gosub as
 				;         documented in extensions.conf.sample.
 				; Default gosub.
+;live_dangerously = no		; Enable the execution of 'dangerous' dialplan
+				; functions from external sources (AMI,
+				; etc.) These functions (such as SHELL) are
+				; considered dangerous because they can allow
+				; privilege escalation.
+				; Default yes, for backward compatability.
 
 ; Changing the following lines may compromise your security.
 ;[files]

funcs/func_db.c

@@ -110,6 +110,12 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
 			<para>This function will retrieve a value from the Asterisk database
 			and then remove that key from the database. <variable>DB_RESULT</variable>
 			will be set to the key's value if it exists.</para>
+			<note>
+				<para>If <literal>live_dangerously</literal> in <literal>asterisk.conf</literal>
+				is set to <literal>no</literal>, this function can only be read from the
+				dialplan, and not directly from external protocols. It can, however, be
+				executed as a write operation (<literal>DB_DELETE(family, key)=ignored</literal>)</para>
+			</note>
 		</description>
 		<see-also>
 			<ref type="application">DBdel</ref>
@@ -311,10 +317,22 @@ static int function_db_delete(struct ast_channel *chan, const char *cmd,
 	return 0;
 }
 
+/*!
+ * \brief Wrapper to execute DB_DELETE from a write operation. Allows execution
+ * even if live_dangerously is disabled.
+ */
+static int function_db_delete_write(struct ast_channel *chan, const char *cmd, char *parse,
+	const char *value)
+{
+	/* Throwaway to hold the result from the read */
+	char buf[128];
+	return function_db_delete(chan, cmd, parse, buf, sizeof(buf));
+}
 
 static struct ast_custom_function db_delete_function = {
 	.name = "DB_DELETE",
 	.read = function_db_delete,
+	.write = function_db_delete_write,
 };
 
 static int unload_module(void)
@@ -335,7 +353,7 @@ static int load_module(void)
 
 	res |= ast_custom_function_register(&db_function);
 	res |= ast_custom_function_register(&db_exists_function);
-	res |= ast_custom_function_register(&db_delete_function);
+	res |= ast_custom_function_register_escalating(&db_delete_function, AST_CFE_READ);
 	res |= ast_custom_function_register(&db_keys_function);
 
 	return res;

funcs/func_env.c

@@ -71,6 +71,11 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
 			<parameter name="filename" required="true" />
 		</syntax>
 		<description>
+			<note>
+				<para>If <literal>live_dangerously</literal> in <literal>asterisk.conf</literal>
+				is set to <literal>no</literal>, this function can only be executed from the
+				dialplan, and not directly from external protocols.</para>
+			</note>
 		</description>
 	</function>
 	<function name="FILE" language="en_US">
@@ -167,6 +172,11 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
 			<para>    Set(FILE(/tmp/foo.txt,-1,,l)=bar)</para>
 			<para>    ; Append "bar" to the file with a newline</para>
 			<para>    Set(FILE(/tmp/foo.txt,,,al)=bar)</para>
+			<note>
+				<para>If <literal>live_dangerously</literal> in <literal>asterisk.conf</literal>
+				is set to <literal>no</literal>, this function can only be executed from the
+				dialplan, and not directly from external protocols.</para>
+			</note>
 		</description>
 		<see-also>
 			<ref type="function">FILE_COUNT_LINE</ref>
@@ -197,6 +207,11 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
 		</syntax>
 		<description>
 			<para>Returns the number of lines, or <literal>-1</literal> on error.</para>
+			<note>
+				<para>If <literal>live_dangerously</literal> in <literal>asterisk.conf</literal>
+				is set to <literal>no</literal>, this function can only be executed from the
+				dialplan, and not directly from external protocols.</para>
+			</note>
 		</description>
 		<see-also>
 			<ref type="function">FILE</ref>
@@ -216,6 +231,11 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
 			<para>'d' - DOS "\r\n" format</para>
 			<para>'m' - Macintosh "\r" format</para>
 			<para>'x' - Cannot be determined</para>
+			<note>
+				<para>If <literal>live_dangerously</literal> in <literal>asterisk.conf</literal>
+				is set to <literal>no</literal>, this function can only be executed from the
+				dialplan, and not directly from external protocols.</para>
+			</note>
 		</description>
 		<see-also>
 			<ref type="function">FILE</ref>
@@ -1259,10 +1279,10 @@ static int load_module(void)
 	int res = 0;
 
 	res |= ast_custom_function_register(&env_function);
-	res |= ast_custom_function_register(&stat_function);
-	res |= ast_custom_function_register(&file_function);
-	res |= ast_custom_function_register(&file_count_line_function);
-	res |= ast_custom_function_register(&file_format_function);
+	res |= ast_custom_function_register_escalating(&stat_function, AST_CFE_READ);
+	res |= ast_custom_function_register_escalating(&file_function, AST_CFE_BOTH);
+	res |= ast_custom_function_register_escalating(&file_count_line_function, AST_CFE_READ);
+	res |= ast_custom_function_register_escalating(&file_format_function, AST_CFE_READ);
 
 	return res;
 }

funcs/func_lock.c

@@ -59,6 +59,11 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
 			Returns <literal>1</literal> if the lock was obtained or <literal>0</literal> on error.</para>
 			<note><para>To avoid the possibility of a deadlock, LOCK will only attempt to
 			obtain the lock for 3 seconds if the channel already has another lock.</para></note>
+			<note>
+				<para>If <literal>live_dangerously</literal> in <literal>asterisk.conf</literal>
+				is set to <literal>no</literal>, this function can only be executed from the
+				dialplan, and not directly from external protocols.</para>
+			</note>
 		</description>
 	</function>
 	<function name="TRYLOCK" language="en_US">
@@ -72,6 +77,11 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
 			<para>Attempts to grab a named lock exclusively, and prevents other channels
 			from obtaining the same lock.  Returns <literal>1</literal> if the lock was 
 			available or <literal>0</literal> otherwise.</para>
+			<note>
+				<para>If <literal>live_dangerously</literal> in <literal>asterisk.conf</literal>
+				is set to <literal>no</literal>, this function can only be executed from the
+				dialplan, and not directly from external protocols.</para>
+			</note>
 		</description>
 	</function>
 	<function name="UNLOCK" language="en_US">
@@ -86,6 +96,11 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
 			had a lock or <literal>0</literal> otherwise.</para>
 			<note><para>It is generally unnecessary to unlock in a hangup routine, as any locks 
 			held are automatically freed when the channel is destroyed.</para></note>
+			<note>
+				<para>If <literal>live_dangerously</literal> in <literal>asterisk.conf</literal>
+				is set to <literal>no</literal>, this function can only be executed from the
+				dialplan, and not directly from external protocols.</para>
+			</note>
 		</description>
 	</function>
  ***/
@@ -502,9 +517,9 @@ static int unload_module(void)
 
 static int load_module(void)
 {
-	int res = ast_custom_function_register(&lock_function);
-	res |= ast_custom_function_register(&trylock_function);
-	res |= ast_custom_function_register(&unlock_function);
+	int res = ast_custom_function_register_escalating(&lock_function, AST_CFE_READ);
+	res |= ast_custom_function_register_escalating(&trylock_function, AST_CFE_READ);
+	res |= ast_custom_function_register_escalating(&unlock_function, AST_CFE_READ);
 
 	if (ast_pthread_create_background(&broker_tid, NULL, lock_broker, NULL)) {
 		ast_log(LOG_ERROR, "Failed to start lock broker thread. Unloading func_lock module.\n");

funcs/func_realtime.c

@@ -115,6 +115,12 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
 		<description>
 			<para>This function acts in the same way as REALTIME(....) does, except that
 			it destroys the matched record in the RT engine.</para>
+			<note>
+				<para>If <literal>live_dangerously</literal> in <literal>asterisk.conf</literal>
+				is set to <literal>no</literal>, this function can only be read from the
+				dialplan, and not directly from external protocols. It can, however, be
+				executed as a write operation (<literal>REALTIME_DESTROY(family, fieldmatch)=ignored</literal>)</para>
+			</note>
 		</description>
 		<see-also>
 			<ref type="function">REALTIME</ref>
@@ -439,28 +445,32 @@ static int function_realtime_readdestroy(struct ast_channel *chan, const char *c
 		return -1;
 	}
 
-	resultslen = 0;
-	n = 0;
-	for (var = head; var; n++, var = var->next)
-		resultslen += strlen(var->name) + strlen(var->value);
-	/* add space for delimiters and final '\0' */
-	resultslen += n * (strlen(args.delim1) + strlen(args.delim2)) + 1;
+	if (len > 0) {
+		resultslen = 0;
+		n = 0;
+		for (var = head; var; n++, var = var->next) {
+			resultslen += strlen(var->name) + strlen(var->value);
+		}
+		/* add space for delimiters and final '\0' */
+		resultslen += n * (strlen(args.delim1) + strlen(args.delim2)) + 1;
 
-	if (resultslen > len) {
-		/* Unfortunately this does mean that we cannot destroy the row
-		 * anymore. But OTOH, we're not destroying someones data without
-		 * giving him the chance to look at it. */
-		ast_log(LOG_WARNING, "Failed to fetch/destroy. Realtime data is too large: need %zu, have %zu.\n", resultslen, len);
-		return -1;
-	}
+		if (resultslen > len) {
+			/* Unfortunately this does mean that we cannot destroy
+			 * the row anymore. But OTOH, we're not destroying
+			 * someones data without giving him the chance to look
+			 * at it. */
+			ast_log(LOG_WARNING, "Failed to fetch/destroy. Realtime data is too large: need %zu, have %zu.\n", resultslen, len);
+			return -1;
+		}
 
-	/* len is going to be sensible, so we don't need to check for stack
-	 * overflows here. */
-	out = ast_str_alloca(resultslen);
-	for (var = head; var; var = var->next) {
-		ast_str_append(&out, 0, "%s%s%s%s", var->name, args.delim2, var->value, args.delim1);
+		/* len is going to be sensible, so we don't need to check for
+		 * stack overflows here. */
+		out = ast_str_alloca(resultslen);
+		for (var = head; var; var = var->next) {
+			ast_str_append(&out, 0, "%s%s%s%s", var->name, args.delim2, var->value, args.delim1);
+		}
+		ast_copy_string(buf, ast_str_buffer(out), len);
 	}
-	ast_copy_string(buf, ast_str_buffer(out), len);
 
 	ast_destroy_realtime(args.family, args.fieldmatch, args.value, SENTINEL);
 	ast_variables_destroy(head);
@@ -471,6 +481,15 @@ static int function_realtime_readdestroy(struct ast_channel *chan, const char *c
 	return 0;
 }
 
+/*!
+ * \brief Wrapper to execute REALTIME_DESTROY from a write operation. Allows
+ * execution even if live_dangerously is disabled.
+ */
+static int function_realtime_writedestroy(struct ast_channel *chan, const char *cmd, char *data, const char *value)
+{
+	return function_realtime_readdestroy(chan, cmd, data, NULL, 0);
+}
+
 static struct ast_custom_function realtime_function = {
 	.name = "REALTIME",
 	.read = function_realtime_read,
@@ -496,6 +515,7 @@ static struct ast_custom_function realtime_store_function = {
 static struct ast_custom_function realtime_destroy_function = {
 	.name = "REALTIME_DESTROY",
 	.read = function_realtime_readdestroy,
+	.write = function_realtime_writedestroy,
 };
 
 static int unload_module(void)
@@ -514,7 +534,7 @@ static int load_module(void)
 	int res = 0;
 	res |= ast_custom_function_register(&realtime_function);
 	res |= ast_custom_function_register(&realtime_store_function);
-	res |= ast_custom_function_register(&realtime_destroy_function);
+	res |= ast_custom_function_register_escalating(&realtime_destroy_function, AST_CFE_READ);
 	res |= ast_custom_function_register(&realtimefield_function);
 	res |= ast_custom_function_register(&realtimehash_function);
 	return res;

funcs/func_shell.c

@@ -88,11 +88,17 @@ static int shell_helper(struct ast_channel *chan, const char *cmd, char *data,
 		</syntax>
 		<description>
 			<para>Collects the output generated by a command executed by the system shell</para>
-			<para>Example:  <literal>Set(foo=${SHELL(echo \bar\)})</literal></para>
-			<note><para>The command supplied to this function will be executed by the
-			system's shell, typically specified in the SHELL environment variable. There
-			are many different system shells available with somewhat different behaviors,
-			so the output generated by this function may vary between platforms.</para></note>
+			<para>Example:  <literal>Set(foo=${SHELL(echo bar)})</literal></para>
+			<note>
+				<para>The command supplied to this function will be executed by the
+				system's shell, typically specified in the SHELL environment variable. There
+				are many different system shells available with somewhat different behaviors,
+				so the output generated by this function may vary between platforms.</para>
+
+				<para>If <literal>live_dangerously</literal> in <literal>asterisk.conf</literal>
+				is set to <literal>no</literal>, this function can only be executed from the
+				dialplan, and not directly from external protocols.</para>
+			</note>
 		</description>
 
 	</function>
@@ -109,7 +115,7 @@ static int unload_module(void)
 
 static int load_module(void)
 {
-	return ast_custom_function_register(&shell_function);
+	return ast_custom_function_register_escalating(&shell_function, AST_CFE_READ);
 }
 
 AST_MODULE_INFO_STANDARD(ASTERISK_GPL_KEY, "Collects the output generated by a command executed by the system shell");

include/asterisk/pbx.h

@@ -1309,16 +1309,44 @@ struct ast_custom_function* ast_custom_function_find(const char *name);
  */
 int ast_custom_function_unregister(struct ast_custom_function *acf);
 
+/*!
+ * \brief Description of the ways in which a function may escalate privileges.
+ */
+enum ast_custom_function_escalation {
+	AST_CFE_NONE,
+	AST_CFE_READ,
+	AST_CFE_WRITE,
+	AST_CFE_BOTH,
+};
+
 /*!
  * \brief Register a custom function
  */
 #define ast_custom_function_register(acf) __ast_custom_function_register(acf, ast_module_info->self)
 
+/*!
+ * \brief Register a custom function which requires escalated privileges.
+ *
+ * Examples would be SHELL() (for which a read needs permission to execute
+ * arbitrary code) or FILE() (for which write needs permission to change files
+ * on the filesystem).
+ */
+#define ast_custom_function_register_escalating(acf, escalation) __ast_custom_function_register_escalating(acf, escalation, ast_module_info->self)
+
 /*!
  * \brief Register a custom function
  */
 int __ast_custom_function_register(struct ast_custom_function *acf, struct ast_module *mod);
 
+/*!
+ * \brief Register a custom function which requires escalated privileges.
+ *
+ * Examples would be SHELL() (for which a read needs permission to execute
+ * arbitrary code) or FILE() (for which write needs permission to change files
+ * on the filesystem).
+ */
+int __ast_custom_function_register_escalating(struct ast_custom_function *acf, enum ast_custom_function_escalation escalation, struct ast_module *mod);
+
 /*!
  * \brief Retrieve the number of active calls
  */
@@ -1432,6 +1460,32 @@ unsigned int ast_hashtab_hash_contexts(const void *obj);
  */
 char *ast_complete_applications(const char *line, const char *word, int state);
 
+/*!
+ * \brief Enable/disable the execution of 'dangerous' functions from external
+ * protocols (AMI, etc.).
+ *
+ * These dialplan functions (such as \c SHELL) provide an opportunity for
+ * privilege escalation. They are okay to invoke from the dialplan, but external
+ * protocols with permission controls should not normally invoke them.
+ *
+ * This function can globally enable/disable the execution of dangerous
+ * functions from external protocols.
+ *
+ * \param new_live_dangerously If true, enable the execution of escalating
+ * functions from external protocols.
+ */
+void pbx_live_dangerously(int new_live_dangerously);
+
+/*!
+ * \brief Inhibit (in the current thread) the execution of dialplan functions
+ * which cause privilege escalations. If pbx_live_dangerously() has been
+ * called, this function has no effect.
+ *
+ * \return 0 if successfuly marked current thread.
+ * \return Non-zero if marking current thread failed.
+ */
+int ast_thread_inhibit_escalations(void);
+
 #if defined(__cplusplus) || defined(c_plusplus)
 }
 #endif

main/asterisk.c

@@ -3184,6 +3184,8 @@ static void ast_readconfig(void)
 		unsigned int dbdir:1;
 		unsigned int keydir:1;
 	} found = { 0, 0 };
+	/* Default to true for backward compatibility */
+	int live_dangerously = 1;
 
 	/* Set default value */
 	option_dtmfminduration = AST_MIN_DTMF_DURATION;
@@ -3415,8 +3417,11 @@ static void ast_readconfig(void)
 					v->value);
 				ast_clear_flag(&ast_options, AST_OPT_FLAG_STDEXTEN_MACRO);
 			}
+		} else if (!strcasecmp(v->name, "live_dangerously")) {
+			live_dangerously = ast_true(v->value);
 		}
 	}
+	pbx_live_dangerously(live_dangerously);
 	for (v = ast_variable_browse(cfg, "compat"); v; v = v->next) {
 		float version;
 		if (sscanf(v->value, "%30f", &version) != 1) {

main/pbx.c

@@ -822,6 +822,17 @@ static struct ast_taskprocessor *extension_state_tps;
 
 AST_THREADSTORAGE(switch_data);
 AST_THREADSTORAGE(extensionstate_buf);
+/*!
+ * \brief A thread local indicating whether the current thread can run
+ * 'dangerous' dialplan functions.
+ */
+AST_THREADSTORAGE(thread_inhibit_escalations_tl);
+
+/*!
+ * \brief Set to true (non-zero) to globally allow all dangerous dialplan
+ * functions to run.
+ */
+static int live_dangerously;
 
 /*!
    \brief ast_exten: An extension
@@ -1318,6 +1329,19 @@ static int totalcalls;
 
 static AST_RWLIST_HEAD_STATIC(acf_root, ast_custom_function);
 
+/*!
+ * \brief Extra information for an \ref ast_custom_function holding privilege
+ * escalation information. Kept in a separate structure for ABI compatibility.
+ */
+struct ast_custom_escalating_function {
+	AST_RWLIST_ENTRY(ast_custom_escalating_function) list;
+	const struct ast_custom_function *acf;
+	unsigned int read_escalates:1;
+	unsigned int write_escalates:1;
+};
+
+static AST_RWLIST_HEAD_STATIC(escalation_root, ast_custom_escalating_function);
+
 /*! \brief Declaration of builtin applications */
 static struct pbx_builtin {
 	char name[AST_MAX_APP];
@@ -3911,6 +3935,7 @@ struct ast_custom_function *ast_custom_function_find(const char *name)
 int ast_custom_function_unregister(struct ast_custom_function *acf)
 {
 	struct ast_custom_function *cur;
+	struct ast_custom_escalating_function *cur_escalation;
 
 	if (!acf) {
 		return -1;
@@ -3927,9 +3952,64 @@ int ast_custom_function_unregister(struct ast_custom_function *acf)
 	}
 	AST_RWLIST_UNLOCK(&acf_root);
 
+	/* Remove from the escalation list */
+	AST_RWLIST_WRLOCK(&escalation_root);
+	AST_RWLIST_TRAVERSE_SAFE_BEGIN(&escalation_root, cur_escalation, list) {
+		if (cur_escalation->acf == acf) {
+			AST_RWLIST_REMOVE_CURRENT(list);
+			break;
+		}
+	}
+	AST_RWLIST_TRAVERSE_SAFE_END;
+	AST_RWLIST_UNLOCK(&escalation_root);
+
 	return cur ? 0 : -1;
 }
 
+/*!
+ * \brief Returns true if given custom function escalates privileges on read.
+ *
+ * \param acf Custom function to query.
+ * \return True (non-zero) if reads escalate privileges.
+ * \return False (zero) if reads just read.
+ */
+static int read_escalates(const struct ast_custom_function *acf) {
+	int res = 0;
+	struct ast_custom_escalating_function *cur_escalation;
+
+	AST_RWLIST_RDLOCK(&escalation_root);
+	AST_RWLIST_TRAVERSE(&escalation_root, cur_escalation, list) {
+		if (cur_escalation->acf == acf) {
+			res = cur_escalation->read_escalates;
+			break;
+		}
+	}
+	AST_RWLIST_UNLOCK(&escalation_root);
+	return res;
+}
+
+/*!
+ * \brief Returns true if given custom function escalates privileges on write.
+ *
+ * \param acf Custom function to query.
+ * \return True (non-zero) if writes escalate privileges.
+ * \return False (zero) if writes just write.
+ */
+static int write_escalates(const struct ast_custom_function *acf) {
+	int res = 0;
+	struct ast_custom_escalating_function *cur_escalation;
+
+	AST_RWLIST_RDLOCK(&escalation_root);
+	AST_RWLIST_TRAVERSE(&escalation_root, cur_escalation, list) {
+		if (cur_escalation->acf == acf) {
+			res = cur_escalation->write_escalates;
+			break;
+		}
+	}
+	AST_RWLIST_UNLOCK(&escalation_root);
+	return res;
+}
+
 /*! \internal
  *  \brief Retrieve the XML documentation of a specified ast_custom_function,
  *         and populate ast_custom_function string fields.
@@ -4031,6 +4111,50 @@ int __ast_custom_function_register(struct ast_custom_function *acf, struct ast_m
 	return 0;
 }
 
+int __ast_custom_function_register_escalating(struct ast_custom_function *acf, enum ast_custom_function_escalation escalation, struct ast_module *mod)
+{
+	struct ast_custom_escalating_function *acf_escalation = NULL;
+	int res;
+
+	res = __ast_custom_function_register(acf, mod);
+	if (res != 0) {
+		return -1;
+	}
+
+	if (escalation == AST_CFE_NONE) {
+		/* No escalations; no need to do anything else */
+		return 0;
+	}
+
+	acf_escalation = ast_calloc(1, sizeof(*acf_escalation));
+	if (!acf_escalation) {
+		ast_custom_function_unregister(acf);
+		return -1;
+	}
+
+	acf_escalation->acf = acf;
+	switch (escalation) {
+	case AST_CFE_NONE:
+		break;
+	case AST_CFE_READ:
+		acf_escalation->read_escalates = 1;
+		break;
+	case AST_CFE_WRITE:
+		acf_escalation->write_escalates = 1;
+		break;
+	case AST_CFE_BOTH:
+		acf_escalation->read_escalates = 1;
+		acf_escalation->write_escalates = 1;
+		break;
+	}
+
+	AST_RWLIST_WRLOCK(&escalation_root);
+	AST_RWLIST_INSERT_TAIL(&escalation_root, acf_escalation, list);
+	AST_RWLIST_UNLOCK(&escalation_root);
+
+	return 0;
+}
+
 /*! \brief return a pointer to the arguments of the function,
  * and terminates the function name with '\\0'
  */
@@ -4052,6 +4176,124 @@ static char *func_args(char *function)
 	return args;
 }
 
+void pbx_live_dangerously(int new_live_dangerously)
+{
+	if (new_live_dangerously && !live_dangerously) {
+		ast_log(LOG_WARNING, "Privilege escalation protection disabled!\n"
+			"See https://wiki.asterisk.org/wiki/x/1gKfAQ for more details.\n");
+	}
+
+	if (!new_live_dangerously && live_dangerously) {
+		ast_log(LOG_NOTICE, "Privilege escalation protection enabled.\n");
+	}
+	live_dangerously = new_live_dangerously;
+}
+
+int ast_thread_inhibit_escalations(void)
+{
+	int *thread_inhibit_escalations;
+
+	thread_inhibit_escalations = ast_threadstorage_get(
+		&thread_inhibit_escalations_tl, sizeof(*thread_inhibit_escalations));
+
+	if (thread_inhibit_escalations == NULL) {
+		ast_log(LOG_ERROR, "Error inhibiting privilege escalations for current thread\n");
+		return -1;
+	}
+
+	*thread_inhibit_escalations = 1;
+	return 0;
+}
+
+/*!
+ * \brief Indicates whether the current thread inhibits the execution of
+ * dangerous functions.
+ *
+ * \return True (non-zero) if dangerous function execution is inhibited.
+ * \return False (zero) if dangerous function execution is allowed.
+ */
+static int thread_inhibits_escalations(void)
+{
+	int *thread_inhibit_escalations;
+
+	thread_inhibit_escalations = ast_threadstorage_get(
+		&thread_inhibit_escalations_tl, sizeof(*thread_inhibit_escalations));
+
+	if (thread_inhibit_escalations == NULL) {
+		ast_log(LOG_ERROR, "Error checking thread's ability to run dangerous functions\n");
+		/* On error, assume that we are inhibiting */
+		return 1;
+	}
+
+	return *thread_inhibit_escalations;
+}
+
+/*!
+ * \brief Determines whether execution of a custom function's read function
+ * is allowed.
+ *
+ * \param acfptr Custom function to check
+ * \return True (non-zero) if reading is allowed.
+ * \return False (zero) if reading is not allowed.
+ */
+static int is_read_allowed(struct ast_custom_function *acfptr)
+{
+	if (!acfptr) {
+		return 1;
+	}
+
+	if (!read_escalates(acfptr)) {
+		return 1;
+	}
+
+	if (!thread_inhibits_escalations()) {
+		return 1;
+	}
+
+	if (live_dangerously) {
+		/* Global setting overrides the thread's preference */
+		ast_debug(2, "Reading %s from a dangerous context\n",
+			acfptr->name);
+		return 1;
+	}
+
+	/* We have no reason to allow this function to execute */
+	return 0;
+}
+
+/*!
+ * \brief Determines whether execution of a custom function's write function
+ * is allowed.
+ *
+ * \param acfptr Custom function to check
+ * \return True (non-zero) if writing is allowed.
+ * \return False (zero) if writing is not allowed.
+ */
+static int is_write_allowed(struct ast_custom_function *acfptr)
+{
+	if (!acfptr) {
+		return 1;
+	}
+
+	if (!write_escalates(acfptr)) {
+		return 1;
+	}
+
+	if (!thread_inhibits_escalations()) {
+		return 1;
+	}
+
+	if (live_dangerously) {
+		/* Global setting overrides the thread's preference */
+		ast_debug(2, "Writing %s from a dangerous context\n",
+			acfptr->name);
+		return 1;
+	}
+
+	/* We have no reason to allow this function to execute */
+	return 0;
+}
+
 int ast_func_read(struct ast_channel *chan, const char *function, char *workspace, size_t len)
 {
 	char *copy = ast_strdupa(function);
@@ -4064,6 +4306,8 @@ int ast_func_read(struct ast_channel *chan, const char *function, char *workspac
 		ast_log(LOG_ERROR, "Function %s not registered\n", copy);
 	} else if (!acfptr->read && !acfptr->read2) {
 		ast_log(LOG_ERROR, "Function %s cannot be read\n", copy);
+	} else if (!is_read_allowed(acfptr)) {
+		ast_log(LOG_ERROR, "Dangerous function %s read blocked\n", copy);
 	} else if (acfptr->read) {
 		if (acfptr->mod) {
 			u = __ast_module_user_add(acfptr->mod, chan);
@@ -4101,6 +4345,8 @@ int ast_func_read2(struct ast_channel *chan, const char *function, struct ast_st
 		ast_log(LOG_ERROR, "Function %s not registered\n", copy);
 	} else if (!acfptr->read && !acfptr->read2) {
 		ast_log(LOG_ERROR, "Function %s cannot be read\n", copy);
+	} else if (!is_read_allowed(acfptr)) {
+		ast_log(LOG_ERROR, "Dangerous function %s read blocked\n", copy);
 	} else {
 		if (acfptr->mod) {
 			u = __ast_module_user_add(acfptr->mod, chan);
@@ -4140,11 +4386,13 @@ int ast_func_write(struct ast_channel *chan, const char *function, const char *v
 	char *args = func_args(copy);
 	struct ast_custom_function *acfptr = ast_custom_function_find(copy);
 
-	if (acfptr == NULL)
+	if (acfptr == NULL) {
 		ast_log(LOG_ERROR, "Function %s not registered\n", copy);
-	else if (!acfptr->write)
+	} else if (!acfptr->write) {
 		ast_log(LOG_ERROR, "Function %s cannot be written to\n", copy);
-	else {
+	} else if (!is_write_allowed(acfptr)) {
+		ast_log(LOG_ERROR, "Dangerous function %s write blocked\n", copy);
+	} else {
 		int res;
 		struct ast_module_user *u = NULL;
 		if (acfptr->mod)

main/tcptls.c

@@ -48,6 +48,7 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
 #include "asterisk/options.h"
 #include "asterisk/manager.h"
 #include "asterisk/astobj2.h"
+#include "asterisk/pbx.h"
 
 /*! \brief
  * replacement read/write functions for SSL support.
@@ -164,6 +165,16 @@ static void *handle_tcptls_connection(void *data)
 	char err[256];
 #endif
 
+	/* TCP/TLS connections are associated with external protocols, and
+	 * should not be allowed to execute 'dangerous' functions. This may
+	 * need to be pushed down into the individual protocol handlers, but
+	 * this seems like a good general policy.
+	 */
+	if (ast_thread_inhibit_escalations()) {
+		ast_log(LOG_ERROR, "Failed to inhibit privilege escalations; killing connection\n");
+		return NULL;
+	}
+
 	/*
 	* open a FILE * as appropriate.
 	*/